Security News > 2022 > January > Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services.
Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.
Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers.
In addition to the fix for its Cisco StarOS Software debug service, Cisco also provided the following trio of security updates for mobile network operators running both Cisco hardware and software for virtualization.
Other Cisco products that are running an outdated version of the Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software or Cisco UTD Engine for Cisco IOS XE SD-WAN Software are also vulnerable, which could include Cisco routers and edge platforms, the company warned.
If successful, the attacker could gain access with the privileges of ConfD, which typically means root access, Cisco warned.
News URL
https://threatpost.com/critical-cisco-staros-bug-root-access-debug-mode/177832/